VPN Client Blocking Traffic


  • VPN Client Blocking Traffic

    Hi There,

    I have a VPN configured on my PIX 501 and am connecting with Cisco VPN Client v5. The connection is established fine; however, when I try to connect to a share on a server that I have NAT exempted, the client stateful firewall blocks the traffic.

    I have attached my running config and a copy of the log from the most recent session.


    cheers.

  • #2
    Re: VPN Client Blocking Traffic

    I have found this problem in my software also. Does anyone have an idea for this?


    • #3
      Re: VPN Client Blocking Traffic

      In your config, you have the following command:

      access-list xxxxxxxx_splitTunnelAcl permit ip interface inside any

      This tells the VPN client that all traffic should be sent outside the vpn tunnel, unencrypted. I know that specifying interface inside any should mean anything on the inside interface subnet, but I've had problems with it. You probably are able to reach the inside interface of your pix, but nothing else. Try changing it to the following:

      access-list xxxxxxxx_splitTunnelAcl standard permit 192.168.1.0 255.255.255.192

      Now the vpn client will send traffic with a destination address in the 192.168.1.0/26 subnet through the tunnel and all other traffic will go to the public internet.

      Let me know if that fixes the problem.
      Last edited by carnahanm; 5th December 2008, 18:36. Reason: Grammatical edit



      • #4
        Re: VPN Client Blocking Traffic

        Hi dear,

        Your log seems to tell that when you are hitting the server (xxxx.xxxx.xxx.xxx) from source 192.168.1.xxx, then the attached ports are blocked from the server end, i.e. (xxx.xxx.xxx.xxx).

        So you need to open this port.

        These logs say what I mean to say. I have picked out these logs from your attached file only.

        77 17:16:20.687 11/21/08 Sev=Info/4 FIREWALL/0x63A00002
        BLOCK: IGMP 192.168.1.xx to 224.0.0.22

        78 17:16:20.718 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: UDP 192.168.1.xx:1055 to 239.255.255.250:1900

        79 17:16:20.734 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: UDP 192.168.1.xx:137 to 192.168.1.255:137


        06 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1057 to xxx.xxx.xxx.x0:445

        107 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1058 to xxx.xxx.xxx.x0:139

        108 17:17:10.140 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1060 to xxx.xxx.xxx.x0:80

        109 17:17:31.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1061 to xxx.xxx.xxx.x0:445

        110 17:17:31.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1062 to xxx.xxx.xxx.x0:139

        111 17:17:52.062 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1064 to xxx.xxx.xxx.x0:80

        112 17:17:53.796 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: UDP 192.168.1.xx:138 to 192.168.1.255:138

        113 17:18:13.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1065 to xxx.xxx.xxx.x0:445

        114 17:18:13.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1066 to xxx.xxx.xxx.x0:139

        115 17:18:34.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
        BLOCK: TCP 192.168.1.xx:1068 to xxx.xxx.xxx.x0:80



        • #5
          Re: VPN Client Blocking Traffic

          Those blocks are coming from the firewall that is built into the client, and the packets are not even leaving the machine.
          Last edited by carnahanm; 16th December 2008, 14:48. Reason: added more clarification

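A small triage helper for client firewall log excerpts like the one quoted in #4, added here as an example and not posted by anyone in the thread: it counts BLOCK entries and separates multicast/broadcast background traffic from the unicast connections being dropped. The sample addresses are constructed, and the /24 local network and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the excerpt in #4; all addresses are made up.
SAMPLE_LOG = """\
1 17:16:20.687 11/21/08 Sev=Info/4 FIREWALL/0x63A00002
BLOCK: IGMP 192.168.1.10 to 224.0.0.22
2 17:16:20.734 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: UDP 192.168.1.10:137 to 192.168.1.255:137
3 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: TCP 192.168.1.10:1057 to 10.0.0.20:445
4 17:16:49.109 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: TCP 192.168.1.10:1058 to 10.0.0.20:139
5 17:17:31.046 11/21/08 Sev=Info/4 FIREWALL/0x63A00003
BLOCK: TCP 192.168.1.10:1061 to 10.0.0.20:445
"""

BLOCK_RE = re.compile(
    r"^BLOCK:\s+(?P<proto>\w+)\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_blocks(log_text):
    """Return one dict per BLOCK line; header lines and other text are skipped."""
    blocks = []
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue  # also skips redacted addresses such as 192.168.1.xx
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots that do not form a valid IPv4 address
        blocks.append({"proto": m["proto"], "dst": dst,
                       "dport": int(m["dport"]) if m["dport"] else None})
    return blocks

def summarize(log_text, local_net="192.168.1.0/24"):
    """Count blocked flows, split into multicast/broadcast noise and unicast."""
    net = ipaddress.ip_network(local_net)  # assumed subnet of the client's LAN
    noise, unicast = Counter(), Counter()
    for b in parse_blocks(log_text):
        key = (b["proto"], str(b["dst"]), b["dport"])
        is_noise = b["dst"].is_multicast or b["dst"] == net.broadcast_address
        (noise if is_noise else unicast)[key] += 1
    return noise, unicast

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)[1].most_common())
```

The unicast counter is the part worth reading first: repeated blocks to the same server on ports 445 and 139 are the failed share connection, while the IGMP and NetBIOS broadcast entries are ordinary LAN chatter.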